Closed Bug 599304 Opened 14 years ago Closed 14 years ago

Application Update failing with error "Update XML file malformed (200)" when using a non built-in certificate with ProxySG SSL Intercept

Categories

(Toolkit :: Application Update, enhancement)

Product:
Toolkit
Component:
Application Update
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 440750

People

(Reporter: zainul_78, Unassigned)

Details

Attachments

(1 file)

Packet capture for the SSL transaction between Firefox with ProxySG and ProxySG with the aus2.mozilla.org
4.23 KB, application/x-cap
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729)

Application Update failing with error "Update XML file malformed (200)" with ProxySG SSL Intercept.

Firefox explicitly pointed to a ProxySG on port 8080. ProxySG has the capability to intercept https traffic by generating a new certificate which has the same original webserver certificate but signed by the master certificate configured as a CA on the ProxySG.

Here is the link which shows the SSL Proxy solution explained briefly http://www.bluecoat.com/node/2731

For normal browsing operation accessing https site, User will get a prompt message "This Connection is Untrusted" and can choose "I Understand the Risks" to proceed.

However with the Application update does not prompt any error related to certificate instead giving the "Update XML file malformed (200)"

Currently we only have a workaround to avoid intercepting the aus2.mozilla.org to avoid the error message.
https://kbint.bluecoat.com/index?page=content&id=KB4027

Reproducible: Always

Steps to Reproduce:
1. Launch Firefox
2. Change the proxy settings to point to a ProxySG which has SSL Intercept
3. Help --> Check for Updates
4. Error Message 
Actual Results:  
Update XML File Malformed (200)

Expected Results:  
Expecting error message related to the modified SSL certificate or instead of giving the error, switch to http mode or possibly give option to user to proceed the update?
Summary: Application Update failing with error "Update XML file malformed (200)" with ProxySG SSL Intercept → Application Update failing with error "Update XML file malformed (200)" when using a non built-in certificate with ProxySG SSL Intercept
(In reply to comment #0)
>...
> Expected Results:  
> Expecting error message related to the modified SSL certificate or instead of
> giving the error, switch to http mode or possibly give option to user to
> proceed the update?
Bug 440750 is for the incorrect error message.

since we can't be sure if it is a mitm / dns attack we won't switch to http or offer to add the untrusted cert (the cert must be built-in anyways).
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: